Hi, I am experiencing a strange issue with DNS resolution between my replicas, could you please help me to figure it out?
My topology is:

rhel-ipa.ims.example.com => rhel-ipa-replica.ams.ims.example.com => rhel-ipa-newreplica.ams.ims.example.com

All three are IPA servers with DNS. And I've created two zones: "ims.example.com" and "ams.ims.example.com". It worked fine while I had just two first IPA servers, both servers could resolve any host in any of the two zones. But now I added the third IPA server (rhel-ipa-newreplica), and that new host cannot resolve anything in the parent domain "ims.example.com"...

$ dig rhel-ipa.ims.telekom.de

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> rhel-ipa.ims.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61092
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;rhel-ipa.ims.example.com. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Mar 14 18:02:46 CET 2019
;; MSG SIZE rcvd: 52

What am I missing here...? As per my understanding, each IPA server should "feel" authoritative for each of the two zones, because they are replicated. So even forwarding should not take place here... Btw I tried to play with forwarder configuration, but so far - no luck.

What am I missing for this setup to work...? How to make rhel-ipa-newreplica to resolve hosts from parent domain...?

--
Regards,
Dmitry Perets.

"The more one knows, the less opinions he shares"
-- Wilhelm Schwebel
_______________________________________________
FreeIPA-users mailing list
